22e0f8313f1d852d1f4e9afbc2f322b8348e563632f7a075ceb2ac3e42c67436

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c89a6db8a17480ac16105b17428e750N.exe
Size

41KB
MD5

6c89a6db8a17480ac16105b17428e750
SHA1

52186d3b7e56702636d2c3a2120bbaed4e7405f1
SHA256

22e0f8313f1d852d1f4e9afbc2f322b8348e563632f7a075ceb2ac3e42c67436
SHA512

87215ff90dc71ac5188782307a67345789180fa3839f24f9a5522c3e348ce56ad29ab642e95aaffcd2eb312bcccab1fbcdeb1697b94220cf5dca20d04f7e9ac9
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvYD/DggNNHpQKMNHpQKMwk:W7Blp2sspARFbhVgNNHpQRNHpQR/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	6c89a6db8a17480ac16105b17428e750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	6c89a6db8a17480ac16105b17428e750N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c89a6db8a17480ac16105b17428e750N.exe

C:\Users\Admin\AppData\Local\Temp\6c89a6db8a17480ac16105b17428e750N.exe
"C:\Users\Admin\AppData\Local\Temp\6c89a6db8a17480ac16105b17428e750N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
41KB

MD5
bcfa33fd1727ee4b05c6917cb9116f67

SHA1
e31b01e154e9214019947a91611f7c6103104dcc

SHA256
752c94b78e9976c68d6f352b5b2366e8643a54e17f90ec4fa95190af18191964

SHA512
243d8302358c6c68714f2311c7f226d07bb4ca3410cb5fcbd290bd3ce9d3b13b78eae22b443c9782826a6ee299a69c826c0cd8eed8277a32306c3caf3b6ced12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
73a2cbbc623880131fa6c6c3f65deda1

SHA1
8ef6459249e17608f202260b49b509b9ee23ede8

SHA256
5aed92755d067a2cb742f659136bcae28b3592cf5855148776b1c73ed806e26b

SHA512
bfa6c3cdbec96b8eda0633d2f49be494a35732e881f70b22aa585dac30b9a10232040d6563d64af879e29662fdce7af1d5b2f2afccb40e258e2929e2304624b6

Download Submit